PIX Firewall Placement

6mraddie
Level 1

I have a PIX firewall which I was planning to place between our MSFC and our ISP link. Since the connection to the ISP is 100Mbps I didn't see the need to use another (border) router for media conversion.

We plan to run eBGP through the PIX and have tested this with ebgp-multihop and static routes to bring up BGP and this works OK.

However, our ISP tells me that this is not the norm and I was wondering if there are any potential problems with this setup.

2 Replies

thisisshanky
Level 11

What type of termination is available on the PIX outside interface towards your ISP? Are you using cable, DSL? It would be a better idea to have a router on the outside interface, in many ways. First of all, you can have IOS firewalling configured on the border router. Also, adding more links for increasing bandwidth, multihoming, etc. would be easy.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

jeremy.buck
Level 1

Just curious,

1) Will you be running NAT or can you run NAT?

If so, your ISP's router should already be advertising its directly connected network; therefore, is it possible you can NAT/PAT all inside networks to the existing address 'you hold' and just put the firewall in line with your connection to the ISP? (You would be making the global NAT/PAT address the address the ISP has given you.)

If you have services running on networks that you otherwise need advertised to the NET, you can port forward to them provided you are running version 6.2.2+.

This eliminates the headache of BGP.

Let me know,

-Jeremy
